ncTHF.IlNlTF " STATES IS: 

1. A method for tracking denial-of-service floods, the method comprising:

routing a flood attack datagram to a tracking router, wherein the tracking router forms an overlay tracing network with respect to an egress edge router; and

identifying an ingress edge router that forwarded the DoS flood attack datagram.

2. The method according to claim 1, further comprises executing security diagnostic functions.



3. The method according to claim 2, wherein the security diagnostic functions comprise input debugging.

4. The method according to claim 1, wherein the overlay tracking network is within an autonomous system that is different from another autonomous system corresponding to the ingress edge router and the egress edge router.

5. The method according to claim 4, further comprising providing routing information by the overlay tracking network to the ingress edge router and the egress edge router using an inter-administrative-domain routing/signaling protocol.

6. The method according to claim 5, wherein the inter-administrative-domain routing/signaling protocol is BGP (Border Gateway Protocol).

7. The method according to claim 1, further comprising communicating between the edge routers and the tracking router via tunnels that are created over an unreliable datagram delivery service protocol.

8. The method according to claim further comprising communicating between the

9. The method according to claim 1, further comprising communicating between the edge routers and the tracking router via physical connections.

static route to the victim. 

The method ac

the edge routers us

12. The method according to claim 11, wherein the inter-administrative-domain routing/signaling protocol in the announcing step is EBGP (External Border Gateway Protocol).

node receiving the DoS flood attack datagram.
RA co,nn— ns^ 

communication system comprising

a plurality of edge routers including an ingress edge router and an egress edge router,

of the DoS flood attack datagram; and



edge routers. 
15. The system according to claim 14, wherein the security diagnostic functions comprise input debugging.
The system according to claim

autonomous system that is different from another autonomous system

plurality of edge routers.

the tracking router communicates routing

routing/signaling protocol.

18. The system according to claim 17, wherein the inter-administrative-domain routing/signaling protocol is BGP.

19. The system according to claim 14, wherein the tracking router communicates with the edge routers via tunnels that are cr

protocol.

20. The system according to claim 14, wherein the tracking router communicates with


21. The system according to claim 14, wherein the tracing

22. The system according to claim

comprises additional tracking routers

23. The system according to claim 22, wherein the tracking routers are interconnected via tunnels that are created over an unreliable datagram delivery service protocol.

24. The system according to claim 22, wherein the tracking routers are interconnected via virtual connections over a separate lower layer protocol.
25. The system according to claim 22, wherein the tracking routers are interconnected via physical connections.

26. The system according to claim 14, wherein the ingress edge router routes the DoS flood attack datagram to the tracking router due to a dynamic routing update from the tracking router.

27. The system according to claim 26, further comprising an external router coupled to a victim node, the victim node receiving the DoS flood attack datagram.



28. A computer-readable medium carrying one or more sequences of one or more

the one or more processors to perform the steps of:

receiving a DoS flood attack datagram;

identifying the DoS flood attack datagram; and

identifying a previous hop router associated with the DoS flood attack datagram to ultimately locate an ingress

adjacency and an ingress

adjacency associated with the DoS flood attack.

29. The computer-readable medium according to claim 28, wherein the computer-readable medium further includes instructions for causing the one or more processors to perform the steps of:

instructing the previous hop router to identify a respective previous hop router associated with the DoS flood attack datagram